﻿# grant user rights on a directory and subdirectories

Clear-Host;
$file= "C:\Program Files\Microsoft SQL Server\"
$acl = Get-Acl $file

$acl.SetAccessRuleProtection($true, $true) #control parent folder inheritance
# p1 - block inheritance
# p2 - preserve previously inherited access

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("BBAAviation\BBAUSASQLServerAdmins", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow")
# String (name of the user or group)
# FileSystemRights  [FullControl, Modify, ReadAndExecute, ListDirectory, Read, Write]
# InheritanceFlags  [None, ContainerInherit, ObjectInherit]
# PropagationFlags  [None, InheritOnly, NoPropagateInherit]
# AccessControlType [Allow, Deny]
$acl.AddAccessRule($rule)

Set-Acl $file $acl;

Get-Acl "C:\Program Files\Microsoft SQL Server" | Format-List
Get-Acl "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER" | Format-List
